ANNFiD is an experimental forensic tool that identifies file types using neural networks. A GUI tool is used to train the network for new file types. It is intended to be used to determine the nature of corrupted files.

AirSAM is a desktop GUI that compliments the Web
based Snort Alert Monitor. AirSAM gives up to date
insight into who might be attacking your network.
The ultimate goal is to give audio/visual cues
right at the time of the attack. AirSAM is an
Adobe Air application and should run on Mac OS,
Linux, and Windows.

CarvFS is a user space FUSE filesystem aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The filesystem allows CarvPath-aware tools to use CarvPath annotations as a way to designate partitions, files, alternate streams, processes etc. within a disk or memory image as a string, making them available trough the filesystem as a pseudo file that can be handed to other tools. This removes the need to copy the information out of the disk image and reduces storage requirements.

CarvPath (libcarvpath) is a library aimed at computer forensic tools that process disk and/or memory dump images or other large data files. The library allows the creation and manipulation of CarvPath annotations, which are a way to annotate partitions, files, alternate streams, processes etc. within a disk or memory image as a string. Entities within a CarvPath notation can be fragmented and/or nested, and allow for the expression of 'sparse' fragments within an entity. The CarvPath annotations resemble a path string in a filesystem, and thus present a basis for the interaction between computer forensics tools and the CarvPath-based user space file-system, CarvFs.

The Cryptographic Implementations Analysis Toolkit
(CIAT) is a compendium of command line and
graphical tools whose aim is to help in the
detection and analysis of encrypted byte sequences
within files (executable and non-executable). It
is particularly helpful in the forensic analysis
and reverse engineering of malware using
cryptographic code and encrypted payloads.

DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

FCCU GNU/Linux Forensic Bootable CD is a
bootable CD based on Debian-live that contains
a lot of tools suitable for computer forensic
investigations, including bash scripts. Its main
purpose is to create images of devices prior to
analysis, and it is used by the Belgian Federal
Computer Crime Unit.

FileExtractor is a tool for recovering files from a binary data source. It is useful when sources such as digital cameras, partitions, hard drives, memory sticks, or floppy disks are corrupted, deleted, or formatted by mistake.